PRIVACY POLICY

Responsible

The party responsible for data collection and processing within the framework of the General Data Protection Regulation (GDPR) is

ConMoto Strategie und Realisierung GmbH („We“)
Boschetsrieder Str. 69
81379 Munich
Phone: +49 89 78066-138
Internet: https://www.conmoto.de
E-Mail: business@conmoto.de

Contact details of our data protection officer

Hans-Peter Toft
BDO Rechtsanwaltsgesellschaft mbH
Fuhlentwiete 12
20355 Hamburg

Introduction and general information on data processing

The protection of your personal data is extremely important to us. Therefore, we treat your personal data confidentially and comply with the legal provisions on data protection, and here specifically the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This privacy policy is intended to inform you about the nature, scope and purpose of the collection and use of personal data by us as the aforementioned controller.

We distinguish between various forms of data protection notices, which differ in content according to the respective group of addressees to whom they are directed. Below you will find the data protection notices pursuant to Art. 13 GDPR, which are addressed to our business partners (customers, interested parties and suppliers) as well as visitors to our website (A., B.). The further statements (C. to H.) apply to both our business partners and our website visitors.

A. Business partner

1. Scope of the processing of personal data

As a matter of principle, we only collect data whose processing is either required by law, contractually agreed, necessary for the conclusion and performance of a contract, or voluntarily provided to us on the basis of consent.

2. Legal bases for the processing of personal data

a. Data processing for the performance of a contract

We process the personal data provided to us in accordance with Art. 6 para. 1 lit. b GDPR for the purpose of fulfilling the contract. This includes in particular the use for contract initiation as well as for subsequent contract or customer support.

b. Data processing on the basis of consent

We only base the processing of your personal data on consent pursuant to Art. 6 para. 1 lit. a GDPR if processing is not already justified on other legal grounds.

We request consent if we wish to provide information about the company’s own products and services as well as events and if corresponding data processing is not possible to protect legitimate interests (see also below).

We also ask for your consent if we ever ask you to participate in a survey.

c. Data processing for the protection of legitimate interests

We only process personal data in accordance with Art. 6 para. 1 lit. f GDPR for the protection of legitimate interests if the further requirements of Art. 6 para. 1 lit. f GDPR are met, i.e. if our interests in the data processing or the interests of a third party outweigh your interests or fundamental rights and freedoms in the individual case.

On the basis of Art. 6 para. 1 lit. f GDPR, we process your data – as far as necessary and permissible – in order to check whether we want to or may accept an order.

Furthermore, we use your personal data if and to the extent necessary to protect our legitimate legal interests, for example, to defend and enforce claims. In this respect, the data processing is also based on Art. 6 para. 1 lit. f GDPR.

d. Data processing for compliance with legal obligations

If and to the extent necessary, we process your data in order to comply with any statutory documentation requirements, for example, vis-à-vis tax offices and supervisory authorities. The data processing is based on Art. 6 para. 1 lit. c GDPR. A legal obligation arises in particular from Section of the German Fiscal Code (AO).

Furthermore, we process your data pursuant to Art. 6 para. 1 lit. c GDPR for the purpose of a thorough examination of whether an order may be accepted. The same applies to the obligation imposed on us by law to identify our business partners and the further obligations under the regulations of the Money Laundering Act.

e. Processing of personal data for the protection of vital interests

In the event that your vital interests or those of another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

B. Website

1. Scope of the processing of personal data

As a matter of principle, we only collect personal data whose processing is either required by law, contractually agreed, necessary for the conclusion and performance of a contract, or voluntarily provided to us on the basis of consent.

We collect, store and use personal data from you as a visitor to our website only to the extent necessary to provide a functional website and to present our content and services. Beyond that, the collection and use of your personal data is regularly only carried out with your consent. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal bases for the processing of personal data

a. Data processing for the performance of a contract

When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

b. Data processing on the basis of consent

Insofar as we obtain your consent for processing operations of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data. We only base the processing of your personal data on consent pursuant to Art. 6 para. 1 lit. a GDPR if processing is not already justified on other legal grounds.

You may revoke your consent at any time without affecting the lawfulness of the processing carried out so far.

c. Data processing for the protection of legitimate interests

We only process your personal data in accordance with Art. 6 para. 1 lit. f GDPR to protect legitimate interests if the further requirements of Art. 6 para. 1 lit. f GDPR are met, i.e. if our interests in the data processing or the interests of a third party outweigh your interests or fundamental rights and freedoms in the individual case.

On the basis of Art. 6 para. 1 lit. f GDPR, we use your personal data if and to the extent necessary to protect our legitimate legal interests, e.g. for the defense and enforcement of claims. In this respect, the data processing is also based on Art. 6 para. 1 lit. f GDPR.

C. Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject as the controller. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need to continue storing the data for the conclusion or performance of a contract.

D. Security through the use of TLS/SSL

If you transmit your data to us via our website, we use current secure technologies, in particular the so-called “Transport Layer Security” transmission (TLS) (previously also known as “Secure Socket Layer” transmission (SSL)). All information and data transmitted using these secure methods is encrypted before being sent to us. This applies in particular to all personal data of our business partners, such as credit card number, bank code, bank account number, name and address.

In order to protect you and us from misuse, the IP address of your computer is transmitted to us. We would like to point out that encryption using these technical methods only works if the corresponding technical settings have also been made on your side.

E. Cookie storage

In order to make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of the web browser.

In addition, we distinguish between technically necessary cookies, those that serve analysis and statistical purposes, and those that serve marketing purposes. The latter concern cookies that are stored to follow you with the intention of showing ads that are relevant and appealing to you and therefore more valuable to publishers and advertising third parties.

When you visit our website for the first time, a GDPR-compliant notice (also called cookie notice, cookie banner or cookie consent banner) appears and you can select which cookies are stored. You can also set your browser to inform you about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

We expressly point out that the functionality of our website may be limited if cookies are not accepted.

Insofar as personal data is also processed through implemented cookies, which serve analysis and statistical purposes, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent, which you give us through your corresponding selection decision in our cookie consent banner. The same applies with regard to your selection decision on marketing cookies.

Your consent can be revoked at any time. To do so, call up our cookie consent banner again. You will find the link button to the banner under the name “Cookie setting” on every subpage of our website at the bottom of the screen.

If personal data is also processed through implemented cookies, which are technically necessary for the operation of our website, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

F. Individual processing operations

1. Technically necessary data processing operations

a. Provision of the website and creation of log files

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

Your IP address
Your browser type and version
Your operating system
Date and time of your visit to the website
Duration of your visit to the website
Visited website
Amount of data sent
Internet page/source/reference from which the visit to the website is made

This data is not stored together with your other personal data.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

This is also our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f GDPR, which serves as the legal basis for the temporary storage of personal data and log files.

To provide our website and the associated processing of personal data, we use a carefully selected external service provider. This is currently brand-neu text & grafik, Oliver Kranz, Haltener Str. 45, 45657 Recklinghausen, Germany. This service provider may process the personal data exclusively on our instructions for the purposes specified by us within the framework of a data processing agreement pursuant to Art. 28 GDPR and has been obligated to comply with the applicable data protection provisions. Any other use of the data is not permitted. The processing of the data takes place exclusively in the territory of the Federal Republic of Germany, in a member state of the European Union or in a contracting state of the Agreement on the European Economic Area.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, we store your data for a period of 24 hours. After that, the data is anonymized so that it is no longer possible to assign the calling client. After seven days, your data will be deleted.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility to object.

b. Use of Borlabs Cookie

We use the WordPress plugin Borlabs Cookie on our website. The provider of the plugin is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter “Borlabs”). Borlabs Cookie automatically creates a cookie consent banner for our website visitors and allows you to give consent to data processing – in particular to the setting of cookies – on our website as well as to exercise your right to withdraw consent already given.

With the help of Borlabs Cookies, we are able to keep track of the cookies used on our website and inform you at any time accurately and transparently about the use of these cookies. You will always receive a cookie consent banner that complies with data protection regulations, and you can decide which type of cookies should be allowed (technically necessary, analysis and statistics, marketing).

In the cookie consent banner, your consent status is stored so that our website can also recognize and follow the stored status in future page visits. For this purpose, a cookie is set and the following data is stored:

Cookie runtime
Cookie version
Domain and path of the WordPress website
Consents
UID (randomly generated ID)

This data is not passed on to Borlabs or other third parties. You can find more information about data protection at Borlabs at:

https://de.borlabs.io/datenschutz/

If you wish to change the setting you made when you first visited our website, you can either delete the cookie in your browser or call up our cookie consent banner on our website again and adjust your settings. You will find the corresponding link on every sub-page of our website at the bottom of the screen under “Cookie settings”.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f GDPR. We need Borlab’s cookie to provide you with a privacy-compliant consent banner, which allows you to opt-out of cookies, on our website. Consequently, there is no possibility to object.

The duration of data storage is 12 months, starting with your consent in the cookie consent banner. After 12 months your data will be deleted automatically.

c. Use of Friendly Captcha

On our website, we use the Friendly Captcha service of the provider Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany (“Friendly Captcha”). The service prevents or hinders the use of our website by automated programs and scripts (so-called “bots”).

In order to establish a connection to the Friendly Captcha servers with the visitor’s device, a program code is integrated and a calculation task is posed to the visitor’s device. The visitor’s device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. The server contacts the Friendly Captcha server via an interface and receives a response indicating whether the puzzle was solved correctly by the device. Depending on the result, we can apply security rules to requests via our website and thus, for example, process or reject them.

The data is used exclusively for the protection against spam and bots described above. Cookies are not stored. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw conclusions about an individual person.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest to protect our website from abusive access by bots. The defense against spam as well as external attacks (e.g. by mass requests) is mandatory for the operation of our website. Consequently, there is no possibility to object.

For more information about privacy when using Friendly Captcha, please visit.

https://friendlycaptcha.com/legal/privacy-end-users/

2. Data processing operations for analysis and statistical purposes

Use of Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google. “Google” is a group of companies and consists of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as well as other affiliated companies of Google LLC.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookies about your use of our website (including your IP address, which is, however, anonymized using the anonymizeIp() method so that it can no longer be assigned to a connection) is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google may associate your IP address with other data held by Google.

You can prevent processing by Google Analytics by means of an appropriate setting in your browser software or by means of an appropriate selection in our cookie consent banner. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. You can also prevent the collection of data generated by Google Analytics and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

However, we would like to point out that you may not be able to use all the functions of our website to their full extent if you take preventive measures.

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give us by your selection decision in the cookie consent banner. The transfer of your personal data to the USA takes place in accordance with Art. 45 GDPR on the basis of the adequacy decision issued for the USA, with which the EU Commission has determined a level of data protection in the USA comparable to that in the EU. Google has joined the underlying EU-US Data Privacy Framework (see https://www.dataprivacyframework.gov /s/participant-search).

3. Data processing operations for marketing purposes

a. Use of Google Maps

On our website we use Google Maps (API) from “Google”. Google Maps is a web service for displaying interactive (land) maps to visually show geographical information. Via the use of this service, our location is displayed to you and a possible approach is facilitated.

When you call up the sub-page(s) of our website in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there. This may also result in a transmission to Google’s servers in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account.

If you do not want the assignment with your profile at Google, you must log out before activating the button. However, even if you are not registered with Google or have not logged in, it is possible that Google will learn and store your IP address. If you do not agree with the future transmission of your data to Google in the context of the use of Google Maps, there is also the possibility to completely disable the web service of Google Maps by turning off the application JavaScript in your browser. Google Maps and thus also the map display on our website can then not be used. You can also prevent processing by Google Maps by selecting the appropriate option in our cookie consent banner. However, we would like to point out that if you carry out prevention measures, you will not be able to use all functions of our website to their full extent.

Further information on data protection in connection with the use of Google Maps can be found at:

https://www.google.de/intl/de/policies/privacy

b. Use of SalesViewer®

For lead generation, we use the service SalesViewer® of SalesViewer® GmbH, Huestraße 30, 44787 Bochum, Germany (“SalesViewer GmbH”).

For marketing, market research and optimization purposes, a javascript-based code is used to collect company-related data and use it accordingly. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and not merged with personal data of the bearer of the pseudonym. An identification of the visitors of our website does not take place.

For more information about SalesViewer GmbH’s use of data and compliance with the GDPR, please visit:

https://www.salesviewer.com/datenschutz

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you grant us by making your selection decision in the cookie consent banner.

In addition, you can prevent the collection by SalesViewer® at any time with effect for the future by clicking the link

https://www.salesviewer.com/opt-out

and then click the “Deactivate Tracking” button. This will place an opt-out cookie on your device. However, if you delete the cookies in your browser afterwards, you will have to repeat the process.

c. Use PopupBuilder

On our website, we use the PopupBuilder plugin from the provider Sygnoos, Garegin Nzhdeh 46, Yerevan, Armenia (“Sygnoos”).

The plugin controls popups (overlapping website windows) and ensures that they are displayed depending on the surfing behavior on our website. For this purpose, a session cookie must be set in order to be able to count the number of views of our website. In addition, the plugin uses Google Analytics from “Google” to control the popups. PopupBuilder is intended to enable ads to be displayed not immediately, but only after you have had the opportunity to take a closer look at our website and our offers.

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you grant us by making your selection decision in the cookie consent banner. By making the corresponding selection via our cookie consent banner, you also consent to the transfer of the data collected about you to Sygnoos in the manner and for the purpose described above (Art. 49 para.1 lit. a GDPR). In particular, we would like to inform you that by granting your consent, data will be transferred to Armenia and your data may thus be exposed to access by the authorities there and, in particular, the intelligence services. Further information on data protection in connection with the use of PopupBuilder can be found in section F., 2. of this privacy policy and at:

https//popup-builder.com/privacy-policy

d. External links

We maintain online presences on social networks and career platforms in order to exchange information with the users registered there, to make contact in an uncomplicated manner, and to raise awareness of our company. On our website you will therefore find link buttons to our company profiles on Facebook, X, LinkedIn and Xing.

We do not use social plugins of these networks, but refer to our accounts on our website exclusively by means of a link. You will therefore only be redirected to our accounts on the websites of the individual networks. Accordingly, no data is transmitted from you to the servers of these networks when you visit our website. Only when you are on the pages of the networks by means of a link, your data will be forwarded to their servers.

Please log out of your respective accounts beforehand if you do not want your visit to our website to be assigned to your personal account on the respective third-party site of their operators.

When you click on the link buttons, the login screen of the respective third-party site opens. If you are already logged in there at this time, you will be taken directly to our stored profile.

In principle, the operators of the networks are responsible for the processing of your personal data on these external websites. However, we would like to point out the following:

aa. Facebook

By pressing the “Share on Facebook” button, you will be taken to our company profile on Facebook.

Facebook is a social media platform and is operated by Meta Platforms Inc, 1601 Willow Road, Menlo Park, CA 94025, USA, and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Meta”).

We would like to point out that you use Facebook and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered via these pages on our website.

When you visit our company profiles on Facebook, Meta collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook profile, with statistical information about the use of the company profile. Meta provides more detailed information on this under the following link:

http://de-de.facebook.com/help/pages/insights

The data collected about you in this context is processed by Meta and may be transferred to countries outside the European Union. Meta describes in its general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Meta and on the settings for advertisements. The data usage guidelines are available at the following link:

http://de-de.facebook.com/about/privacy

Facebook’s full privacy policy can be found at:

https://de-de.facebook.com/full_data-use_policy

In what way Meta uses the data from visits to Facebook pages for its own purposes, to what extent activities on Facebook pages are assigned to individual users, how long Meta stores this data and whether data from a visit to the Facebook page is passed on to third parties is not clearly stated by Meta and is not known to us.

When you access the Facebook page, the IP address assigned to your device is transmitted to Meta. According to information from Meta, this IP address is anonymized (for “German” IP addresses). Meta also stores information about the devices of its users (e.g. as part of the “login notification” function); this may enable Meta to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Meta to track that you have visited these pages. This also applies to all other Facebook pages. Via Facebook buttons embedded in websites, it is possible for Meta to record your visits to these websites and assign them to your Facebook profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of Facebook or disable the “stay logged in” feature, delete the cookies present on your device, and exit and restart your browser. In this way, information through which you can be directly identified will be deleted. This allows you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the site (like, comment, share, message, etc.), a Facebook login screen will appear. After any login, you will again be recognizable to Meta as a specific user.

For information on how to manage or delete information about you, visit the following Facebook support page:

https://de-de.facebook.com/about/privacy#

bb. X (formerly Twitter)

If you click the “Tweet this” button on our website, you will be redirected to our X (formerly Twitter) account. X is a short message service and is operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, (“X”).

We point out that you use the service of X and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. haring rating). The data collected about you when using the service will be processed by X and, if necessary, transferred to countries outside the European Union. This data includes, but is not limited to, your IP address, the application you use, information about the device you use (including device ID and application ID), information about websites you visit, your location, and your mobile carrier. This data is assigned to the data of your X account or your X profile.

We have no influence on the type and scope of the data processed by X, the type of processing and the use or the transfer of this data to third parties. Information about what data is processed by X and for what purposes it is used can be found in the privacy policy of X at

https://twitter.com/privacy?lang=de

https://help.twitter.com/de/managing-your-account/accessing-your-twitter-data

https://support.twitter.com/forms/privacy

https://help.twitter.com/de/managing-your-account/how-to-download-your-twitter-archive

X also explains how you can view your personal data processed by X yourself and how you can obtain information via the X privacy form or archive requests.

You can restrict the processing of your data by X in the general settings of your X account. In addition, for mobile devices (smartphones, tablets), you can restrict X’s access to contact and calendar data, photos, location data, etc. in the settings there – depending on the operating system used. You can find more information on this at

https://support.twitter.com/articles/105576#

Through X buttons or widgets embedded on other websites and the use of cookies, it is possible for X to record your visits to these websites and associate them with your X profile. Based on this data, content or advertising can be offered tailored to you. Information on this and on the available setting options can be found at:

https://help.twitter.com/de/using-twitter/tailored-suggestions

https://help.twitter.com/de/rules-and-policies/twitter-cookies

cc. LinkedIn

If you click the “Share on LinkedIn” button on our website, you will be redirected to our account on LinkedIn. LinkedIn is operated by LinkedIn Corporation, 1000 West Maude Avenue Sunnyvale, CA 94085, USA, or as the responsible party in terms of data protection for users from Germany by LinkedIn Ireland Unlimited Company, 70 Sir John Rogerson’s Quay, Dublin 2, Dublin, D02r296, Ireland (hereinafter: “LinkedIn”).

LinkedIn is an Internet-based social network for connecting users with existing business contacts and generating new business contacts. On LinkedIn, companies can create profiles or post job offers.

We point out that you use LinkedIn and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered via this page on our website.

When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of the LinkedIn site, with statistical information about the use of the LinkedIn site. LinkedIn provides more detailed information on this under the following link:

https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. What information LinkedIn receives and how it is used is described in LinkedIn’s General Terms in its data usage guidelines. There you will also find information on how to contact LinkedIn and on the settings options for advertisements. LinkedIn’s data usage guidelines are available at the following link:

https://www.linkedin.com/legal/privacy-policy

In what way LinkedIn uses the data from the visit of LinkedIn pages for its own purposes, to what extent activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to the LinkedIn page is passed on to third parties, is not conclusively and clearly stated by LinkedIn and is not known to us.

When you access a LinkedIn page, the IP address assigned to your device is transmitted to LinkedIn. According to LinkedIn, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. LinkedIn also stores information about the devices of its users (e.g. as part of the “login notification” function); LinkedIn may thus be able to assign IP addresses to individual users.

If you are currently logged in to LinkedIn, there is a cookie with your LinkedIn ID on your device. This enables LinkedIn to track that you have visited this website and how you have used it. This also applies to all other LinkedIn pages. Via LinkedIn buttons embedded in websites, it is possible for LinkedIn to record your visits to these websites and assign them to your LinkedIn profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of LinkedIn or disable the “stay logged in” feature, delete the cookies present on your device, and exit and restart your browser. In this way, LinkedIn information through which you can be directly identified will be deleted. This allows you to use our LinkedIn page without revealing your LinkedIn identifier. When you access interactive features of the site (like, comment, share, news, etc.), a LinkedIn login screen will appear. After any login, you will again be recognizable to LinkedIn as a specific user.

For information on how to manage or delete information that exists about you, please visit the following LinkedIn support page:

https://www.linkedin.com/legal/privacy-policy

dd. Xing

By clicking the “Post on Xing” button, you can access our company profile on Xing.

Xing is an Internet-based social network that allows users to connect with existing business contacts and make new business contacts. Individual users can create personal profiles of themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing. The operating company of Xing is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (“Xing”).

We point out that you use Xing and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered via this page on our website.

When you visit our Xing site, Xing collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of the Xing site, with statistical information about the use of the Xing site. Xing provides more detailed information on this under the following link:

https://privacy.xing.com/de/datenschutzerklaerung

This information (including your IP address) is transmitted by your browser directly to a Xing server in Europe and stored there. If you are logged in to Xing, Xing can directly assign your visit to our website to your Xing account. The information is also published on Xing and displayed to your Xing contacts.

Xing may use this information for the purposes of advertising, market research and demand-oriented design of the Xing pages. For this purpose, Xing creates usage, interest and relationship profiles, e.g. in order to evaluate your use of our website with regard to the advertisements displayed to you on Xing, to inform other Xing users about your activities on our website and to provide other services associated with the use of Xing.

If you do not want Xing to assign the data collected via our website to your Xing account, you must log out of Xing before clicking on the link. For more information about the purpose and scope of data collection and the further processing and use of data by Xing, as well as your rights in this regard and setting options for protecting your privacy, please see:

https://privacy.xing.com/de/datenschutzerklaerung

e. Use of YouTube

On our website we use YouTube. YouTube is a streaming platform and is operated by “Google”.

aa. YouTube video integration

On some subpages of our website, we directly embed videos stored on YouTube. With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also called “framing”. When you call up a corresponding sub-page of our website on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.

YouTube content is only integrated in “extended data protection mode”. Google itself provides this mode and ensures that YouTube does not initially save any cookies on your device. However, when you call up the corresponding sub-page, the IP address and the other data mentioned in section F., 1., a. are transmitted and thus, in particular, informed which of our sub-pages you have visited. This information cannot be assigned to you, however, unless you have logged in to YouTube or another Google service (e.g. Google+) before accessing the page or are permanently logged in.

As soon as you start the playback of an embedded YouTube video by pressing the play button, Google only stores cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. The storage of these cookies can be prevented by appropriate browser settings.

Further information on data protection in connection with the use of YouTube can be found at:

https://policies.google.com/privacy

bb. Linking to YouTube

If you click on one of the YouTube videos embedded on our website, you will be redirected to the YouTube platform and have the option to watch the corresponding video directly on the YouTube platform.

We would like to point out that you use this YouTube channel and its functions on your own
responsibility. This applies in particular to the use of the “Discussion” function. Furthermore, we would like to point out that we have no influence or control over the type and scope of the data processed by Google, the type of data processing and the use and disclosure of this data to third parties. When using YouTube, your personal data may be collected, transferred, stored, disclosed, used by Google and transferred to and stored in the United States or third countries in which Google does business, regardless of your country of residence. In addition, a data transfer to companies affiliated with Google as well as other companies and/or persons processing data on behalf of Google is to be assumed.

Google processes your voluntarily entered data such as name and username, email address and telephone number. Google also collects the content that you create, upload or receive from third parties when using the services (e.g. photos, videos, documents, spreadsheets, comments) and processes the personal data contained therein. The content you share is evaluated by Google to determine which topics interest you. Google can also determine your location based on your IP address and send you advertising or other content tailored to you.

For evaluation, Google may use analysis tools such as Google Analytics. We have no influence on the use of such tools by Google and were not informed about their potential use. We have neither commissioned the use of such tools nor do we support Google in any way. We are also not provided with any data that may be obtained in the course of the analysis, and we have no way of turning off the use of such tools on our YouTube channel. For us, only certain profiles of the subscribers of our YouTube channel are visible.

Even if you are not registered with YouTube, Google retrieves certain information when you use our YouTube channel, such as IP address, browser type, operating system, previously visited websites, search terms used, stored cookies and – if you access via a mobile phone – mobile carrier and the device used (including device ID and application ID).

You can restrict data processing in the general settings of your Google account. In addition, Google also offers specific privacy settings regarding YouTube. You can find more information about this at:

https://policies.google.com/technologies/product-privacy?hl=de&gl=de

Information about which data is processed by Google and for what purposes it is used can be found in Google’s privacy information at:

https://policies.google.com/privacy?hl=de&gl=de#infocollect

Finally, you have the option of requesting information from Google via the privacy form:

https://support.google.com/policies/answer/9581826?visit_id=637054532384299914-2421490167&hl=de&rd=3

4. Use of ClipMyHorse

Our website contains video streams of the TV station ClipMyHorse.TV, Am Sonnenberg 6, 65321 Heidenrod, Germany (“ClipMyHorse”), which specializes in equestrian sports and is embedded in a frame.

To start the stream, we have implemented a so-called two-click solution. After clicking on the video for the first time, another consent banner appears, informing you that data will be transferred to ClipMyHorse when the stream is played. Only after another click, the stream is started and thus also the transmission of your data.

According to information from ClipMyHorse, data that cannot be traced back to individual users is collected in the context of analysis tools. If you are also registered as a user with ClipMyHorse, your user profile will also be enriched with the information that arises from your use of the services of ClipMyHorse (e.g. which videos are viewed, in which order videos are viewed). Cookies are not set by ClipMyHorse in the process. For more information, please see ClipMyHorse’s privacy policy at:

https://www.clipmyhorse.tv/de_DE/privacy

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give us by double-clicking on the corresponding video stream.

Your consent can be revoked at any time. When you leave the subpage of our website, the settings are automatically reset and you have to double-click again to restart the video stream.

5. Use of Google Tag Manager

We use the service called Google Tag Manager from “Google”. Through this service, website tags can be managed via an interface. The service does not set any cookies and does not collect any personal data itself.

Google Tag Manager takes care of loading other components, which in turn may collect data, but does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

For more information about Google Tag Manager, see Google’s privacy policy at:

https://support.google.com/tagmanager/answer/9323295?hl=de

6. Use of Google Fonts

We use Google Fonts from “Google” on our website. Google Fonts is an interactive directory of more than 800 fonts that Google provides for free use.

The fonts from Google are embedded on our web server and not on Google’s servers. We therefore use Google Fonts locally. There is no processing of personal data and no data transfer to Google in connection with the use of Google Fonts.

7. Use of Quick CTA

On our website we use a so-called Quick-CTA, in which you can enter your e-mail address. This allows us to contact you without you having to send us a separate e-mail. Your deposited e-mail address will be stored by us for this purpose.

The processing of your e-mail address is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give us by entering it in the appropriate field. If you wish to work towards the conclusion of a contract by entering your e-mail address or your request is made within an existing contractual relationship with us, Art. 6 para. 1 b GDPR serves as an additional legal basis.

Your consent can be revoked at any time. To do so, send us an e-mail to business@conmoto.de. However, we would like to point out that your request cannot be processed further in the event of a revocation.

8. E-mail and contact form

If you send us an e-mail, the personal data you send us with your e-mail will be stored. We also have a contact form on our website that you can use to contact us. In doing so, the following data entered by you in the input mask will be transmitted to us and stored: Name, e-mail address, message. In addition, we record your IP address and the time of sending.

We need your e-mail address to send you our response by e-mail. Providing us with your name enables us to address you personally and to assign your inquiry to the appropriate contact person at our company.

The processing of your personal data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you give us by providing your data. If you would like to work towards the conclusion of a contract through your request or your request is made within an existing contractual relationship with us, Art. 6 para. 1 lit. b GDPR serves as the legal basis for us to process this data.

Subject to legal retention periods, your personal data will be deleted as soon as we have finally processed your request. If you do not receive a response from us within a period of ten days, your personal data will also be deleted.

9. (Online) application

We have an application form on our website that you can use to submit your application data online. Alternatively, you can also apply to us by e-mail or by post. Depending on the data you enter in this form, the information you provide to us in your application, the documents you attach to your (online) application and the data you provide to us in the course of the application process, the following personal data may be processed by us:

Master data (e.g. title, first name, last name, title, academic degree, gender, date and place of birth, nationality, address, telephone number, e-mail address, marital status, residence and work permit, application photo);

Application data (e.g. cover letter, resume, references, information from job interviews, references);

Health data (e.g., occupational health exams, illnesses, aids related to illness, disabilities);

Information on religious affiliation, from which religious and ideological convictions can be derived, if applicable;

Information on marital status (marriage or registered partnership), which may indicate sexual orientation;

Declarations under data protection law (e.g. declaration(s) of consent to the processing of personal data, declaration(s) of revocation of consent to the processing of personal data, objection to the processing of personal data, assertion of rights of access, rectification, erasure, restriction of processing and data portability, including the information you provide to us when asserting your rights).

Insofar as the processing of personal data is necessary for the decision on the establishment of an employment relationship with us, Art. 6 para. 1 lit. b GDPR serves as our legal basis.

Furthermore, we may process your personal data if this is necessary in accordance with Art. 6 para. 1 lit. c GDPR for the fulfillment of a legal obligation or for the defense of asserted legal claims against us. A legitimate interest is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

For the processing of further personal data that you provide voluntarily in your application, the lawfulness of the processing is based on Art. 6 para. 1 lit. a GDPR. Your consent to the processing of this data can be revoked at any time with effect for the future. To do so, send us an email to business@conmoto.de.

If an employment relationship is established between you and us as a result of your application, we may further process the personal data already received from you as part of the application process for the purposes of the employment relationship in accordance with Art. 6 para. 1 lit. b, para. 2 GDPR.

Within our company, we only pass on the personal data you provide as part of the application process to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interests. Your applicant data will not be passed on outside our company or to countries outside the EU/EEA.

H. Data recipients

Your data may be passed on by us to external service providers (e.g. IT service providers, companies that destroy or archive data, cloud providers), for example. We will only transfer your data to third parties if we are authorized to do so under data protection law.

The transfer of data to third parties is based either on the fulfillment of legal obligations, on legitimate interests, on the need to fulfill a contract or on the basis of any consent given. If the external service provider acts as a processor, the data transfer takes place within the framework of a data processing agreement.

If a data transfer to processors in countries outside the European Economic Area (EEA) should be necessary, this will take place on the basis of your consent, the EU standard contractual clauses or to countries with regard to which an adequacy decision of the EU is available.

I. Your rights as a data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against us as the controller:

1. Right to information

You can request confirmation from us as to whether your personal data is being processed by us. If such processing is taking place, you can request information about the following from us in accordance with Art. 15 GDPR:

the purposes for which the personal data are processed
the categories of personal data which are processed
the recipients or categories of recipients to whom your personal have been or will be disclosed
the planned duration of the storage of your personal data or, if concrete information on this is not possible, criteria for the determination of the storage duration
the existence of a right to rectify or erase your personal data, a right to restrict processing by us or a right to object to such processing
the existence of a right of appeal to a supervisory authority
any available information on the origin of the data, if the personal data are not collected from the data subject
the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and para. 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing on you

Furthermore, you have the right to request information about whether your personal data is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

Pursuant to Art. 16 GDPR, you have a right to rectification and/or completion vis-à-vis us if the processed data concerning you is incorrect and/or incomplete. We must carry out the correction without delay.

3. Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of your personal data in accordance with Art. 18 GDPR:

if you dispute the accuracy of your personal data for a period of time that allows us to verify the accuracy of the personal data
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data
we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether our legitimate grounds override your grounds

If the processing of your personal data has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. You will be informed by us before the restriction is lifted.

4. Right to erasure

a. Obligation to erase

Pursuant to Art. 17 GDPR, you may request that we delete your personal data without undue delay. We are obliged to delete this data immediately if one of the following reasons applies:

your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a GDPR is revoked by you and there is no other legal basis for the processing
you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing
you object to the processing pursuant to Art. 21 para. 2 GDPR
your personal data have been processed unlawfully
the deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject
your personal data has been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR

b. Information to third parties

If we have made your personal data public and we are obliged to erase it pursuant to Art. 17 para. 1 GDPR, we shall take reasonable steps, including technical measures, to inform data controllers processing the personal data that you, as the data subject, have requested that they delete all links to or copies or replications of such personal data, taking into account the available technology and the cost of implementation.

c. Exceptions to the right to erasure

The right to erasure does not exist insofar as the processing is necessary:

on the exercise of the right to freedom of expression and information
for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and lit. i and Art. 9 para. 3 GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in Section 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
for the assertion, exercise or defense of legal claims

d. Right to notification

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

e. Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller to whom the personal data has been provided without hindrance from us, provided that

the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
the processing is carried out with the aid of automated procedures

In exercising this right, you also have the right to have your personal data transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

f. Right of objection

Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Art. 6 para. 1 lit. e or lit. f GDPR; this also applies to profiling based on these provisions. The objection must be substantiated.

Upon receipt of an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

g. Right to revoke the declaration of consent under data protection law

Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your declaration of consent granted under data protection law at any time – even before the GDPR came into force (05/25/2018). The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

The revocation of consent can be declared via e-mail, letter or telephone to our contact details above. In addition, you can revoke the consent given in our cookie consent banner at any time. To do so, call up our cookie consent banner again. You will find the link button to the banner under the designation “Cookie setting” on every subpage of our website at the bottom of the screen.

h. Automated decision in individual cases including profiling

Pursuant to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and us, or
is permitted by legislation of the Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
is done with your express consent

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 lit. 1 GDPR, unless Article 9 para. 2 lit. a or lit. g GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases mentioned in points 1 and 3, we take reasonable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on our side, to express your point of view and to contest the decision.

i. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

The supervisory authority responsible for us is:

Der Bayerische Landesbeauftragte für den Datenschutz

Postfach 22 12 19

80502 München

Tel.: +49 (0) 89 212672-0

Fax: +49 (0) 89 212672-50

E-mail: poststelle@datenschutz-bayern.de

Status: October 2022